[mrsimon]

We tend to think that the Blackberry devices are the most secure mobile phone devices of them all.

Now Samsung is announcing that it's now going to be the S10.

https://www.t3.com/news/samsung-gala...obody-else-has

Some BS about ultrasonic something or other?

What do you think? Does Blackberry need to do anything?

[pkcable]

I think the government, the most senior people get custom made android phones.

[Dunt Dunt Dunt]

We tend to think that the Blackberry devices are the most secure mobile phone devices of them all.

Now Samsung is announcing that it's now going to be the S10.

https://www.t3.com/news/samsung-gala...obody-else-has

Some BS about ultrasonic something or other?

What do you think? Does Blackberry need to do anything?

I don't see why a ultrasonic fingerprint reader would be BS.... Don't see where they mention anything about this being a more secure option, just would allow them to hide the button better. If that's true, yes that would benefit any OEM....

Security for most companies and governments, also includes a level of "trust". And "trust" is what BBMo needs to work on the most if they want to be used by those needing the most secure devices.

Not really sure how you overcome the Chinese factor or the finical problems...

[Troy Tiscareno]

It needs to be understood that - no matter which phone is used - it's the MANAGEMENT SYSTEM that an enterprise customer looks at for security, not just the phone OS.

Much of the most important security comes from locking down the phone, ensuring encryption is enabled, and being able to remote wipe it. Hell, just the fact that it can be restricted to downloading only white listed apps is huge - it keeps people from installing random crap or going to third-party app stores where there is no way to know where those apps came from or what happened to them along the way.

Stuff like the fingerprint scanner is consumer focused and many enterprises disable them anyway.

[Dunt Dunt Dunt]

It needs to be understood that - no matter which phone is used - it's the MANAGEMENT SYSTEM that an enterprise customer looks at for security, not just the phone OS.

Much of the most important security comes from locking down the phone, ensuring encryption is enabled, and being able to remote wipe it. Hell, just the fact that it can be restricted to downloading only white listed apps is huge - it keeps people from installing random crap or going to third-party app stores where there is no way to know where those apps came from or what happened to them along the way.

Stuff like the fingerprint scanner is consumer focused and many enterprises disable them anyway.

At this point I think Management is good enough that BYOD is fine for the vast majority of even regulated industries and government. Proable are some situations were more is needed, but no new BlackBerry products are listed on the DoDIN. Either they don't see any reason to bother testing them, or they didn't pass.

[thurask]

Since it's the S10 it'll presumably launch with P, so getting that on a BB device might help.

Either they don't see any reason to bother testing them, or they didn't pass.

If I had to guess, something like this.

[mrsimon]

Since it's the S10 it'll presumably launch with P, so getting that on a BB device might help.



If I had to guess, something like this.

Well, that doesn't bode well for BBMo, does it? Unless they can persuade the government that they are North American checked and approved.

[Emaderton3]

Does it matter though? Your ISP will always know what you are doing.

[Matt J]

Depends how you define "security". Almost every phone is "secure" if you set up a passcode or fingerprint. If people can't get it, it's secure. Also, if a phone can prevent malware attacks better than others, it is more secure.

"Privacy" is another matter. Google knows everything you're doing and everywhere you've been. Your ISP knows every website you visit. So privacy is an illusion. All phones are the same, iOS and Android.

BlackBerry might be more "secure", but certainly not more "private".

[bb10adopter111]

These conversations tend to go nowhere for several reasons:

1) lack of agreement on the meaning of "secure" Secure against what kind of threat? Remote criminal hacking? Sim swap hacks? Social engineering apps? Device theft? Insider threats? Radio surveillance? Legal warrants? Spying by a foreign or domestic government? Without specifying the threat, it's impossible to evaluate the effectiveness of the security model.

2) confusion between privacy and security. In some sense, and in the long run, they are probably the same thing, because anything that can compromise privacy can also compromise security with enough effort. But practically, in a given year, they are different.

3) lack of information about use case. Are we talking about securing Enterprise data or personal financial data or embarrassing photos?

4) lack of interest in the details. People don't want to accept the fact that it's a combination of the device, security model implementation and user behavior that creates a large or small attack surface. If you don't want to discuss the details, it's pointless to start the discussion.

For all the reasons above, I'm not going to recommend any device.


Posted with my trusty Z10

[mrsimon]

These conversations tend to go nowhere for several reasons:

1) lack of agreement on the meaning of "secure" Secure against what kind of threat? Remote criminal hacking? Sim swap hacks? Social engineering apps? Device theft? Insider threats? Radio surveillance? Legal warrants? Spying by a foreign or domestic government? Without specifying the threat, it's impossible to evaluate the effectiveness of the security model.

2) confusion between privacy and security. In some sense, and in the long run, they are probably the same thing, because anything that can compromise privacy can also compromise security with enough effort. But practically, in a given year, they are different.

3) lack of information about use case. Are we talking about securing Enterprise data or personal financial data or embarrassing photos?

4) lack of interest in the details. People don't want to accept the fact that it's a combination of the device, security model implementation and user behavior that creates a large or small attack surface. If you don't want to discuss the details, it's pointless to start the discussion.

For all the reasons above, I'm not going to recommend any device.


Posted with my trusty Z10

Great points. This is a forum for users, like myself, who are non-expert in these matters, so the level of analysis is supposed to be intelligent banter.
It's still interesting to listen to different points of view (in general).